PT-2022-7627 · Linux+2 · Linux Kernel+2

Marek Vasut

Published

2022-02-16

Updated

2025-02-08

CVE-2022-48917

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to the ASoC component in the Linux kernel, specifically with the function snd soc put volsw(). The problem arises because the limits of the control can be signed integers, and the $min value can be non-zero and less than zero. To correctly validate $val/$val2 against platform max, the $min offset needs to be added to val first. This issue can lead to a denial of service.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

BDU:2024-07471

CVE-2022-48917

OESA-2025-1094

OPENSUSE-SU-2024_3190-1

OPENSUSE-SU-2024_3209-1

OPENSUSE-SU-2024_3249-1

OPENSUSE-SU-2024_3408-1

OPENSUSE-SU-2024_3483-1

SUSE-SU-2024:3190-1

SUSE-SU-2024:3209-1

SUSE-SU-2024:3225-1

SUSE-SU-2024:3227-1

SUSE-SU-2024:3249-1

SUSE-SU-2024:3408-1

SUSE-SU-2024:3483-1

Affected Products

Linux Kernel

Red Os

Suse

PT-2022-7627 · Linux+2 · Linux Kernel+2

CVE-2022-48917

Weakness Enumeration

Related Identifiers

Affected Products

References · 782